| Age | Commit message (Collapse) | Author |
|---|
|
Add missing "recvfd" pledge promise: Raf Czlonka reported
ssh coredumps when Control* keywords were set in ssh_config. This patch also
fixes similar problems with scp and sftp.
ok deraadt, looks good to millert
Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b
|
|
obsolete note about fascistloggin is obsolete. ok djm
dtucker
Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
|
|
If we don't have wcwidth force fallback implementations of nl_langinfo
and mbtowc. Based on advice from Ingo Schwarze.
|
|
|
|
Move implementations of err.h replacement functions into their own file
in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
|
|
Wrap includes in the appropriate #ifdefs.
|
|
bz#2590 - testing and patch from Jakub Jelen
|
|
DEBUGLIBS has been broken since the gcc4 switch, so delete
it. CFLAGS contains -g by default anyway
problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
ok millert@ kettenis@ deraadt@
Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
|
|
Improve crypto ordering for Encrypt-then-MAC (EtM) mode
MAC algorithms.
Previously we were computing the MAC, decrypting the packet and then
checking the MAC. This gave rise to the possibility of creating a
side-channel oracle in the decryption step, though no such oracle has
been identified.
This adds a mac_check() function that computes and checks the MAC in
one pass, and uses it to advance MAC checking for EtM algorithms to
before payload decryption.
Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
Martin Albrecht. feedback and ok markus@
Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
|
|
DEBUGLIBS has been broken since the gcc4 switch, so
delete it. CFLAGS contains -g by default anyway
problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
ok millert@ kettenis@ deraadt@
Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
|
|
Explicitly check for 100% completion to avoid potential
floating point rounding error, which could cause progressmeter to report 99%
on completion. While there invert the test so the 100% case is clearer. with
& ok djm@
Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
|
|
sort the -o list;
Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
|
|
fix AuthenticationMethods during configuration re-parse;
reported by Juan Francisco Cantero Hurtado
Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
|
|
revert 1.34; causes problems loading public keys
reported by semarie@
Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
|
|
grammar fix;
Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
|
|
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
|
|
ban AuthenticationMethods="" and accept
AuthenticationMethods=any for the default behaviour of not requiring multiple
authentication
bz#2398 from Jakub Jelen; ok dtucker@
Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
|
|
Include stdarg.h for va_copy as per man page.
Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd
|
|
keys stored in openssh format can have comments too; diff
from yonas yanfa, tweaked a bit;
ok djm
Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
|
|
Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
Fixes build on AIX.
|
|
|
|
Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message
about forward and reverse DNS not matching. We haven't supported IP-based
auth methods for a very long time so it's now misleading. part of bz#2585,
ok markus@
Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
|
|
Prevents link errors resolving the extern "options" when platform.o
gets linked into ssh-agent when building --with-pam.
|
|
There are a small number of "upstream" commits that do not correspond to
a file in -portable. This file tracks those so that we can reconcile
OpenBSD and Portable to ensure that no commits are accidentally missed.
If you add something to .skipped-commit-ids please also add an upstream
ID line in the following format when you commit it.
Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35
Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca
Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7
Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120
Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a
Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef
Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2
Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660
Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae
Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee
|
|
|
|
Back out rev 1.28 "Check min and max sizes sent by the
client" change. It caused "key_verify failed for server_host_key" in clients
that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY.
ok djm@
Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
|
|
Where possible, use Solaris setpflags to disable process tracing on
ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
at oracle.com, ok djm.
|
|
|
|
This should make it easier to add additional platform support such as
Solaris (bz#2584).
|
|
Add a test for ssh(1)'s config file parsing.
Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601
|
|
Add 'sshd' to the test ID as I'm about to add a similar
set for ssh.
Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a
|
|
stricter malloc.conf(5) options for utf8 tests
Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6
|
|
Fix two rare edge cases: 1. If vasprintf() returns < 0,
do not access a NULL pointer in snmprintf(), and do not free() the pointer
returned from vasprintf() because on some systems other than OpenBSD, it
might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
rather than -1 and NULL.
Besides, free(dst) is pointless after failure (not a bug).
One half OK martijn@, the other half OK deraadt@;
committing quickly before people get hurt.
Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
|
|
test the new utf8 module
Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
|
|
Set umask to prevent "Bad owner or permissions" errors.
Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
|
|
support doas
Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
|
|
unit tests for sshbuf_dup_string()
Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
|
|
tweak previous;
Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
|
|
Allow ExitOnForwardFailure and ClearAllForwardings to be
overridden when using ssh -W (but still default to yes in that case).
bz#2577, ok djm@.
Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
|
|
Move the host and port used by ssh -W into the Options
struct. This will make future changes a bit easier. ok djm@
Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
|
|
Check min and max sizes sent by the client against what
we support before passing them to the monitor. ok djm@
Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
|
|
Ensure that the client's proposed DH-GEX max value is at
least as big as the minimum the server will accept. ok djm@
Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
|
|
|
|
|
|
Backout rev. 1.43 for now.
The function update_progress_meter() calls refresh_progress_meter()
which calls snmprintf() which calls malloc(); but update_progress_meter()
acts as the SIGALRM signal handler.
"malloc(): error: recursive call" reported by sobrado@.
Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
|
|
Even when only writing an unescaped character, the dst
buffer may need to grow, or it would be overrun; issue found by tb@ with
malloc.conf(5) 'C'.
While here, reserve an additional byte for the terminating NUL
up front such that we don't have to realloc() later just for that.
OK tb@
Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
|
|
Fix two rare edge cases: 1. If vasprintf() returns < 0,
do not access a NULL pointer in snmprintf(), and do not free() the pointer
returned from vasprintf() because on some systems other than OpenBSD, it
might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
rather than -1 and NULL.
Besides, free(dst) is pointless after failure (not a bug).
One half OK martijn@, the other half OK deraadt@;
committing quickly before people get hurt.
Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0
|
|
To prevent screwing up terminal settings when printing to
the terminal, for ASCII and UTF-8, escape bytes not forming characters and
bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
character sets, abort printing of the current string in these cases. In
particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
sanitize data received from the remote host; * sanitize filenames, usernames,
and similar data even locally; * take character display widths into account
for the progressmeter.
This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.
Using feedback from djm@ and martijn@,
various aspects discussed with many others.
deraadt@ says it should go in now, i probably already hesitated too long
Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
|
|
KNF compression proposal and simplify the client side a
little. ok djm@
Upstream-ID: aa814b694efe9e5af8a26e4c80a05526ae6d6605
|
|
Back out 'plug memleak'.
Upstream-ID: 4faacdde136c24a961e24538de373660f869dbc0
|
